Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
Thread: Sanitizing user submitted html
12-02-2010, 07:03 PM #1
Sanitizing user submitted html
Looking for advice and code to sanitize html submitted through a cms system.
- are there other things that should be excluded?
Which came first - the chicken or the egg? The egg... [ticket closed]
If a tree falls... does it make a sound? Yes.............. [ticket closed]
12-02-2010, 07:53 PM #2
- Join Date
- Feb 2009
- Thanked 63 Times in 54 Posts
You don't need to strip PHP if you're just storing and echo()ing it out. Just don't include() or eval() it...
Another point here is: stripping out php is kinda awkward, but if you wanna pursue it properly, without "hacky" str_replace(), gimmie a shout.